[Snyk] Upgrade winston from 3.3.3 to 3.8.1 #496

snyk-bot · 2022-09-08T01:23:54Z

Snyk has created this PR to upgrade winston from 3.3.3 to 3.8.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 9 versions ahead of your current version.
The recommended version was released 2 months ago, on 2022-06-30.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-ASYNC-2441827	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: winston

3.8.1 - 2022-06-30
Patch-level changes
- Update types to match in-code definitions in #2157; thanks to new contributor @ flappyBug
Dependency updates by @ dependabot + CI autotesting
- Bump logform from 2.4.0 to 2.4.1 in #2156
- Bump async from 3.2.3 to 3.2.4 in #2147
Full Changelog: v3.8.0...v3.8.1
3.8.0 - 2022-06-23
Added functionality
- Add the stringify replacer option to the HTTP transport by @ domiins in #2155
Dependency updates by @ dependabot + CI autotesting
- Bump @ babel/core from 7.17.8 to 7.18.5
- Bump eslint from 8.12.0 to 8.18.0
- Bump @ types/node from 17.0.23 to 18.0.0
- Bump @ babel/preset-env from 7.16.11 to 7.18.2
- Bump @ babel/cli from 7.17.6 to 7.17.10
Updates facilitating repo maintenance & enhancing documentation
- Explicitly note that the Contirbuting.md file is out of date
- Add instructions for publishing updated version by @ wbt (docs/publishing.md)
- Prettier Config File by @ jeanpierrecarvalho in #2092
- Readme update to explain origin of errors for handling (#2120)
- update documentation for #2114 by @ zizifn in #2138
- enhance message for logs with no transports #2114 by @ zizifn in #2139
- Added a new Community Transport option to the list: Worker Thread based async Console Transport by @ arpad1337 in #2140
New Contributors
- @ zizifn made their first contribution in #2138
- @ arpad1337 made their first contribution in #2140
- @ domiins made their first contribution in #2155
- made their first contribution in #2092
Full Changelog: v3.7.2...v3.8.0
3.7.2 - 2022-04-04
What's Changed
- Revert for #2103 in #2104
Full Changelog: v3.7.1...v3.7.2

The release announcement on GitHub is 24 days behind the NPM release in this case, sorry for the confusion!
3.7.1 - 2022-04-04
This change includes some minor updates to package-lock.json resolving npm audit failures: one in ansi-regex and another in minimist.

Full Changelog: v3.7.0...v3.7.1
3.6.0 - 2022-02-12
- Changelog updates for v3.6.0 5e72485
- Update dependencies, including latest logform (#2071) 93077ef
- Update to @ colors/colors (#2069) 035f94a
- Bump @ babel/core from 7.16.12 to 7.17.2 (#2068) 7665d88
- Bump @ babel/cli from 7.16.8 to 7.17.0 (#2064) e658389
- chore: add editorconfig (#2058) 30d260d
- Add search terms field to bug report template (#2067) 40ef309
- Bump @ types/node from 17.0.13 to 17.0.15 (#2062) c9b7579
- Chore: Organize and restructure tests (#2049) 2b8cd55
- Bump to latest winston-transport 2017c50
- Memory leak fix: do not wait for process.nextTick to clear pending callbacks (#2057) f741383
- Update linter dependencies and config (#2059) 438cb73
- Bump @ types/node from 17.0.10 to 17.0.13 (#2051) 7f6a6f2
v3.5.1...v3.6.0
3.5.1 - 2022-01-31
This release reverts the changes made in PR #1896 which added stricter typing to the available log levels,
and inadvertently broke use of custom levels with TypeScript (Issue #2047). Apologies for that!
3.5.0 - 2022-01-27
Read more
3.4.0 - 2022-01-10
3.3.4 - 2022-01-10
Version 3.3.4
3.3.3 - 2020-06-23